On Fri, Nov 10, 2006 at 10:31:38AM -0000, Clive Goodhead wrote: > For some months now we have used a HELO ACL to delay by
> 35 seconds all connections with suspicious looking HELOs.
> This is very effective at reducing the amount of spam
> that our servers receive, while not preventing "real"
> email getting through, because much of the current
> spamming software seems to drop the connection during the
> delay period.
>
> As our mail volumes get higher, however, I am beginning to
> be concerned about the load that all these delayed
> connections will place on our servers. At the moment it
> does not appear to be an issue, but I am looking for advice
> on whether or not it is likely to become a problem.
exim forks a process for each connection, so in your case
if you are receiving N connections per second you would
expect there to be about 35 N exim processes, all
sleeping, plus the actually active ones (the number of
which is no larger than the number there would have been
without the sleeps). Those sleeping processes don't use
much in the way of resources though -- process table
slots, file descriptors, a little bit of unshared memory.
N would have to be pretty large for this to be a problem,
I suspect, but you can always test it.
--
``I can't find the [Latin] translation for `responsibility',
which might explain a lot of Roman history....'' (Gareth Wilson)